In early March this year, while investigating various threats as part of our Facebook malware cleanup effort, we ran across an interesting one that was spreading in zipped files attached to messages.
The messages themselves were classic social engineering bait that lead the users to install the executable file in the attachment, which turned out to be a Bitcoin miner, which we identify as Trojan:W32/Lecpetex.
Some of the more interesting details of our analysis are presented in our Lecpetex whitepaper.
Facebook's own investigation into Lecpetex lead to an operation to take down the botnet. More details about their takedown effort, and the results from their parallel analysis of the malware, are available here.
Post by — Mangesh
Updated to add details and link to Facebook's takedown post.